CVE-2022-26138 PoC — Atlassian Confluence Server 信任管理问题漏洞

Source

https://github.com/z92g/CVE-2022-26138

Associated Vulnerability

Title:Atlassian Confluence Server 信任管理问题漏洞 (CVE-2022-26138)
Description:The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Description

Confluence Hardcoded Password POC

Readme

# CVE-2022-26138

# 1.简介
Confluence Hardcoded Password POC

# 2.用法

```
poc -f host.txt  // 批量扫描
poc -h 192.168.1.1 // 单个扫描
```
![image](https://user-images.githubusercontent.com/108780847/181880291-6ad1d033-7a43-41a4-bb22-3fbb38933204.png)

# 3.免责声明

此工具仅用于学习、研究和自查。
不应用于非法目的，请遵守相关法律法规。
使用本工具产生的任何风险与本人无关！

File Snapshot


 [4.0K]  /data/pocs/fa3b40efa3ee69aba6d7eccfaaf5903657e309e9
├── [2.6K]  CVE-2022-26138.go
├── [1.3K]  go.mod
├── [ 30K]  go.sum
├── [ 704]  main.go
└── [ 443]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!